Daring Fireball’s Gruber doubles reward offer to ‘60-second MacBook hijackers’ challenge

“My ‘hijack this brand-new MacBook via wi-fi and it’s yours to keep’ challenge to David Maynor and Jon Ellch has not yet been accepted, but I do have a few additional points to address,” John Gruber writes for Daring Fireball.

“Jim Thompson, whose own coverage of this issue I’ve linked to several times, has offered to contribute a second matching MacBook, should Maynor and Ellch succeed in my challenge. Not only does this double the size of the bounty, but it should also make it easier for Maynor and Ellch to split their winnings — it admittedly wouldn’t be much fun to split a single MacBook,” Gruber writes.

Gruber writes, “Dozens of DF readers have emailed offering to contribute money to pay for the MacBook if I lose this challenge. This is both generous and encouraging, and my sincere thanks go out to everyone who’s offered. But, for now, please hold on to your money. If I lose — a big ‘if’ in my opinion — I’ll set up a DropCash campaign for people to contribute to. But I issued this challenge fully willing to foot the entire bill, should I lose.”

“But I’m pretty certain it won’t come to that. In fact, I’m pretty certain I could up the ante to a gold-plated MacBook at this point,” Gruber writes.

Full article here.

[Thanks to MacDailyNews Reader “Rainy Day” for the heads up.]

Related MacDailyNews articles:
Daring Fireball’s Gruber issues public challenge to ‘60-second MacBook hijackers’ – September 01, 2006
The curious case of the supposed Apple MacBook Wi-Fi hack – August 21, 2006
SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’ – August 18, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006


  1. I have been reading the various blogs and websites about this supposed “Hacking a MacBook in under 60 seconds” and have formed the following opinions:

    1. Brian Krebs probably misinterpreted what Maynor and “Johny Cache” told him. He deserves derision for not understanding what he wrote about.

    2. Maynor and “Cache” may have actually found an exploit, but it is so unreliable (it is more likely to crash the machine than to allow control) that it really isn’t much of a danger as this point. One reason that they won’t take John Gruber’s offer is that they can’t reliably repeat the exploit.

    3. John Gruber is probably right (no exploit for MacBook) but there is the outside chance that they do have an exploit, but won’t release until it is patched. Even if they do have an exploit, see #2 above.

    4. George Ou is an asshat.

  2. @ dogfriend : Re item #2: If you read Gruber’s earlier articles, it doesn’t even appear they found anything; they likely used a previously documented exploit. That’s really the point of the challenge; to call them out to demonstrate that they did actually find something.

  3. Rainy Day –

    Yes I agree that John Gruber thinks they made it all up – I also read the latest posts from “Johny Cache” and his explanation of how a “similar” exploit works on the Centrino. It seems plausible that they found a “similar” exploit for the Intel Mac – or maybe he is bluffing – I don’t know for sure. In any event, he admits that the Centrino exploit is just as likely to crash the computer as it is to allow a hacker to gain control. They basically flood the WiFi with a high number of requests and then inject their code and hope that their code executes when the system recovers.

  4. Dogfriend:

    Go to George Ou’s site (Yeah, yeah, I know he’s an idiot, but…) at this url: http://blogs.zdnet.com/Ou/?p=305 and look at the interview he’s got the video for.

    In that video, which is Kreb’s original interview at the Black Hat, Maynor is asked directly if the hack they are talking about also works against the internal MacBook card and driver. Maynor answers NO.

    How Krebs got from there to what he reported in his column, I’ll never know.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.